#VU10917 Information disclosure in Linux kernel - CVE-2018-1000028
Published: March 12, 2018
Vulnerability identifier: #VU10917
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1000028
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.
The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.
Remediation
Install update from vendor's website.